Logsurfer's exec command literally runs /bin/echo with the rest of the
command line passed as arguments, it doesn't invoke a shell to interpret
the '|' pipe command. So in your case below the following string is
literally echo'd to logsurfer's stdout:

.. and you'll probably see that string coming out in logsurfer's own log
file. For this sort of complex action you should call a script to format
the strings (and remove any bad characters that a clever attacker could
have injected) before invoking mail.